Tor Browser 7.5a4 is released

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor alpha release (0.3.1.5-alpha) + an updated OpenSSL (1.0.2l), HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1). We also update sandboxed-tor-browser (to 0.0.12).

my browser updated fine, loads fine, tests for network connection just fine, but when I open a new tab / try to go to bookmarked pages, the browser crashes with "a program has caused it to crash" error.

Note that the HTTPS Everywhere WebExtension is already done (it's what the Chromium HTTPS Everywhere addon is), the only work needed is to make it work on Firefox and work out the rough edges and the issues that may happen.

Privilege of a website is not necessarily bound to the respective process it is running in. Think about pre e10s days: there was just a single process but nevertheless existed privilege differences between browser chrome pages and normal web content.

Content should not be able to link to them, yes. That's what the nsIAboutModule::MAKE_UNLINKABLE flag is for. It's just that the page itself runs with content privileges. Normal web content should not be able to access it.

Just upgraded the Tor browser on 8/10/17 for Windows 10 Pro. Browser crashed and will not restart. An error message for firefox.exe of 0xc0000022 is displayed when attempting to load. Seems related to the update. Any thoughts?

I'm having repeated issues with the recent update Trend Micro is showing the update is infecting various files within the build including firefox.exe. I have downloaded build and having the same problem. Am I alone?

This sounds like a Trend Micro problem. Antivirus software really hates Tor Browser. Every new release there's people complaining about their favorite antivirus software breaking Tor Browser. Or complaining about a broken Tor Browser but not knowing why it is broken.

Hi! There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.3.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time in February.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It introduces a mechanism to handle the high loads that many relay operators have been reporting recently. It also fixes several bugs in older releases. If this new code proves reliable, we plan to backport it to older supported release series.

Changes in version 0.3.3.2-alpha - 2018-02-10

Major features (denial-of-service mitigation):

Give relays some defenses against the recent network overload. We start with three defenses (default parameters in parentheses). First: if a single client address makes too many concurrent connections (>100), hang up on further connections. Second: if a single client address makes circuits too quickly (more than 3 per second, with an allowed burst of 90) while also having too many connections open (3), refuse new create cells for the next while (1-2 hours). Third: if a client asks to establish a rendezvous point to you directly, ignore the request. These defenses can be manually controlled by new torrc options, but relays will also take guidance from consensus parameters, so there's no need to configure anything manually. Implements ticket 24902.

Major bugfixes (netflow padding):

Stop adding unneeded channel padding right after we finish flushing to a connection that has been trying to flush for many seconds. Instead, treat all partial or complete flushes as activity on the channel, which will defer the time until we need to add padding. This fix should resolve confusing and scary log messages like "Channel padding timeout scheduled 221453ms in the past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.